SYSTEM FOR PREVENTING AN ILLEGAL COPY OF DIGITAL 

CONTENTS 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a schematic view for explaining a system for preventing an illegal copy of 
digital contents according to an embodiment of the present invention; 

FIGs. 2-5 are views for briefly explaining registration requests or digital content 
reproductions of respective blocks of FIG. 1 ; 

FIG. 6 is a view for showing an example of a file format which is supported by the 
embodiment of the present invention; 

FIG. 7 is'a block diagram for showing an output source of digital content processes 
in a content storage unit of the embodiment of the present invention; 

FIG. 8 is a view for showing an output source capable of being additionally 
connected to the embodiment of the present invention. 

Explanation reference number in drawings 

10 : authorization recognition means 
20 : record/reproduction supply means 
30 : content supply unit 
40: PC 

50 : portable record/reproduction means 
60 : recording medium 




DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
SUMMARY OF THE INVENTION 

FIELD OF THE INVENTION AND DESCRIPTION OF PRIOR ART 

The present invention relates to a system for preventing an illegal copy of digital 
contents, and more particularly to a system for preventing an illegal copy of digital contents 
which forms secret channels between all the systems connected to users and exchanges 
contents through the formed secret channels in order to prevent digital contents from an 
illegal copy. 

In recent years, communication environment has rapidly been developed , and each 
individual can assess a lot of information by using PC with various types of communication 
equipment. 

Therefore, there are digital content suppliers who intend to provide much more 
digital data to the above first content output units, and the digital content suppliers provide 
users with digital contents which are document information or audio files such as MP3. 

The digital content suppliers require that some fee should be payed in supply of the 
digital contents. 

In the prior art, however, it is difficult to prevent the illegal copy of the supplied digital 
contents after the digital contents has been supplied to a user. 

The present invention relates to a system having a portable recordable medium for 
preventing an illegal copy of digital contents, and more particularly to a system having a 
portable recordable medium by using a physical address of bad sectorformed the portable 
recordable medium during manufacturing process of the portable recordable medium and 
by encrypting a header of the encrypted digital contents stored in the portable recordable 
medium and recording the encrypted header on a physical address of bad sector of the 
portable recordable medium. The physical address of bad sector is formed on the portable 
recordable medium during manufacturing process of the portable recordable medium. This 




is for preventing an illegal copy of the downloaded digital contents through a terminal after 
the digital contents has been downloaded. 

In recent years, communication environment has rapidly been developed , and each 
individual can assess a lot of information by using PC with various types of communication 
equipment or first contents output unit such as internet appliance, PC, PDA, Web Phone, 
Mobile Phoen.etc. 

Therefore, there are digital content suppliers who intend to provide much more 
digital data to the above mentioned first content output units, and the digital content 
suppliers provide users with digital contents which are document information, video 
information, song words, character display such as movie caption, or audio files such as 
MP3, Aac, G2, etc. Various types of codec provided by this invention can be downloaded 
and recorded in a potable medium which can be played on a portable medium player or 
portable medium terminal. 

However, it is difficult to prevent the illegal copy of the supplied digital contents or 
the codec recorded on the portable medium if the portable medium is copied after the 
digital contents has been supplied to a user and recorded on the portable medium. 
At this time, the digital contents which are used in the present invention mean all data 
including audio, video data, as well as character data such as song words, movie caption, 
and the like to be provided through internet. 

In particular, the MP3 which is the audio data of the above digital contents is 
downloaded to the first content output unit as well as the second content output unit such 
as an MP3 player and then reproduced. 

In the meantime, the MP3 is downloaded to a content storage unit such as a 
smartmedia card built in the first content output unit, and the MP3 downloaded in the 
content storage unit is reproduced through the second content output unit. 

However, as stated above, there is a drawback in that digital data downloaded to 
the first and second content output units and the content storage unit is easily copied to 
be illegally distributed 
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TECHNICAL OBJECT OF THE INVENTION 

This invention provides a system for preventing an illegal copy of digital contents 
which is downloaded and uploaded the digital contents. The system forms secret channels 
between all the systems connected to users and exchanges contents through the formed 
secret channels in order to prevent digital contents from an illegal copy. 

The present invention provides a system having a portable recordable medium for 
preventing an illegal copy of digital contents, and more particularly to a system having a 
portable recordable medium by using a physical address of bad sector formed the portable 
recordable medium during manufacturing process of the portable recordable medium and 
by encrypting a header of the encrypted digital contents stored in the portable recordable 
medium and recording the encrypted header on a physical address of bad sector of the 
portable recordable medium. The physical address of bad sector is formed on the portable 
recordable medium during manufacturing process of the portable recordable medium. This 
is for preventing an illegal copy of the downloaded digital contents through a terminal after 
the digital contents has been downloaded. 



SUMMARY OF THE INVENTION AND DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT 

Accordingly, in order to solve the above problem, it is an object of the present 
invention to provide a system for preventing an illegal copy of digital contents for preventing 
from an illegal copy and distribution a digital content downloaded by forming a secret 
channel between all the system mutually connected as users download and reproduce the 
digital content. 

In order to achieve the above object, the present invention includes an authorization 
recognition unit for generating a first authentication qualification key and a first 
authentication qualification key data, which may be encrypted, and for generating a 
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manufacturing key and manufacturing key information for reproducing and outputting the 
encrypted digital contents supplied or supplying in response to a registration request signal 
inputted from external, a portable terminal supplying means requesting the registration 
request signal and receiving the manufacturing key and manufacturing key information, 
a content supply unit for transmitting the registration request signal to the authorization 
recognition unit, for storing the first authentication qualification key and the first 
authentication qualification key data inputted from the authorization recognition unit in 
order to be authorized to supply the encrypted digital contents, and for generating a second 
authentication qualification key and a second authentication qualification key data, and a 
PC for outputting the third registration request signal to the content supply unit, for storing 
the second authentication qualification key and the second authentication qualification key 
data inputted from the content supply unit, and for receiving a public key, public key 
information and digital contents. 

Further, in order to achieve the above object, the present invention includes an 
authorization recognition unit for forming a first table having a manufacturer key, a 
manufacturer key data and a second table having a token, information relating to an 
encrypted token by using the manufacturer key, identification of a portable device or 
terminal and forming a pair of table with the first table in response to a first registration 
request signal inputted from external, for generating a first table and a second table by 
using the manufacturer key and the manufacturer key data, and for generating a first 
authentication qualification key and a first authentication qualification key data in response 
to the second registration request signal inputted from external, a portable terminal unit for 
outputting the first registration request signal to the authorization recognition unit and for 
storing the manufacturer key and the manufacturer key data inputted from the authorization 
unit, a content supply unit for outputting the second registration request signal to the 
authorization recognition unit, for storing the first authentication qualification key, the first 
authentication qualification key data, and the second table, and for generating a second 
authentication qualification key and a second authentication qualification key data in 
response to a third registration request signal inputted from external, a first content output 
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unit like as a PC for outputting the third registration request signal to the content supply 
unit in order to receive the digital contents and output the received digital contents, for 
storing the second authentication qualification key and the second authentication 
qualification key data such as Public key and Public Key information inputted from the 
content supply unit, for outputting the manufacturer key data inputted from external to the 
content supply unit, for encoding and outputting the manufacturer key detected from the 
second table in response to the manufacturer key data, and a second content output unit 
such as a portable terminal for storing the manufacturer key and the manufacturer key data 
inputted from the authorization recognition unit, for outputting the manufacturer key data 
to the content supply unit through the first content output unit, and for receiving the 
manufacturer key information of the second table, which is encrypted, supplied from the 
PC in order to judge if the stored manufacturer key is authenticated. 

Further, in order to achieve the above object, the present invention includes a 
content supply unit for supplying an encoded digital content, a first content output unit 
including a database which has a reproduction data of the digital content downloaded from 
the content supply unit, encoding the database by using the third channel key for storage, 
interpreting the reproduction data of the digital content inputted from external by using the 
third channel key to be compared with a reproduction data of the database, to thereby 
judge if an illegal copy of the digital content is performed, and a second content output unit 
for updating the reproduction data of the digital content stored in advance by interpreting 
the reproduction data of the digital content inputted from the first content output unit by 
using the third channel key, and transmitting the updated reproduction data of the digital 
content to the first content output unit. 

Hereinafter, an preferred embodiment of the present invention will be described in 
detail with reference to the accompanying drawings. 

FIG. 1 is a schematic view for explaining a system for preventing an illegal copy of 
digital contents according to an embodiment of the present invention, in which the structure 




is as follows. 

An authorization recognition unit 10 generates a manufacturer key and a 
manufacturer key data in accordance with a first registration request signal inputted from 
a record/reproduction apparatus supply unit as a portable terminal supply means as 
described later, and outputs a manufacturer key and a manufacturer key data to the 
record/reproduction apparatus supply unit. Further, the authorization recognition unit 10 
uses the manufacturer key and a manufacturer key data forming first and second tables 
, and generates a first authentication qualification key and a first authentication qualification 
key in accordance with a second registration request signal inputted from a content supply 
unit. 

A portable terminal supplying means 20 outputs the first registration request signal 
to authorization recognition unit 1 0 and receiving the manufacturer key and a manufacturer 
key data generated by authorization recognition unit 10 in accordance with the first 
registration request signal. 

A content supply unit 30 outputs the second registration request signal to the 
authorization recognition unit, stores the first authentication qualification key, the first 
authentication qualification key data, and the second table, and generates a second 
authentication qualification key and a second authentication qualification key data in 
response to a third registration request signal inputted from external. 

A PC 40 as a first content output unit outputs the third registration request signal 
to the content supply unit 30 in order to receive the digital contents and output the received 
digital contents, stores the second authentication qualification key and the second 
authentication qualification key data such as Public key and Public Key information 
inputted from the content supply unit, outputs the manufacturer key data inputted from 
external to the content supply unit, encodes and outputs the manufacturer key detected 
from the second table in response to the manufacturer key data. 

A portable terminal 50 as a second content output unit stores the manufacturer key 
and the manufacturer key data inputted from the authorization recognition unit, outputs the 
manufacturer key data to the content supply unit through the first content output unit, and 
receives the manufacturer key information of the second table, which is encrypted, 
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supplied from the PC in order to judge if the stored manufacturer key is authenticated. 

In the meantime, the first authentication qualification key and thefirst authentication 
qualification key mean a public key, a public key data, and a private key 
of the content supply unit 30 generated from the authorization recognition unit 10. 

Further, the first table, as shown in FIG. 2, contains a manufacturer key 
data(Cert(MKp D )), the manufacturer key(MKp D ), and an identifier(ID MK ) corresponding to 
the manufacturer key data and the manufacturer key, and is stored in only the 
authorization recognition unit 10. Further, the second table is generated from the 
authorization recognition unit 1 0 and outputted to the content supply unit 30, and contains 
the identified ID MK ), data(ENC(MKp D , T)), and a token(T) which encodes the manufacturer 
key by using the token. 

At this time, he authorization recognition unit 10 forms a first channel key(k) which 
can be shared with the content supply unit 30 in accordance with the second registration 
request signal 31 inputted from the content supply unit 30, and outputs the first 
authentication qualification key and thefirst authentication qualification key data 1 1 which 
is encoded into the content supply unit 30 through a secrete channel formed by the first 
channel key(k). 

The first channel key is a key generated from encryption of the authorization 
recognition unit 10 by using data which the content supply unit 30 has. 

Hereinafter, an preferred embodiment of the present invention will be described in 
detail with reference to the accompanying drawings. 

FIGs. 2-5 are views for briefly explaining the flow of registration requests by 
respective blocks or Keys and Key information or data for the digital content reproductions 
by respective blocks of FIG. 1 . 

The portable terminal supply unit 20 outputs the first registration request signal to 
the authorization recognition unit 1 0 in order to register the portable device or terminal to 
the authorization recognition unit 10. 

The authorization recognition unit 10 generates and transmits manufacturer key 
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MKp D and the manufacturer key data (Cert CA (MKp D ), which is possessed by each 
designated portable device for its own use, to portable terminal supply unit 20 as a 
record/reproduction apparatus. 

Therefore, portable terminal supply unit 20 stores the received manufacturer key 
and the manufacturer key data into an internal memory like as a tempery resistant area 
of portable terminal supply unit 20 during manufacturing portable terminal supply unit 20. 
The stored manufacturer key and the manufacturer key data of portable terminal supply 
unit 20 can not be noticed by other users. 

The authorization recognition unit 10 generates the manufacturer key and the 
manufacturer key data to be transmitted to portable terminal supply unit 20 and generates 
a token randomly. 

The authorization recognition unit 10 includes two tables. The first table is 
possessed by the authorization recognition unit 10, which includes manufacturer key and 
the manufacturer key data information. 

The second table is a manufacture key information table which is transmitted from 
authorization recognition unit 1 0 to content supply means 30 and is a table having identifier 
of the portable terminal, the token encrypted by the manufacture key, and information for 
the token. 

Therefore, portable terminal 50 which is manufactured by the portable terminal 
supply unit 20 is authorized by authorization recognition unit 1 0 to store the downloaded, 
encrypted digital contents. 

In addition, The content supply unit 30 outputs the second registration request signal 
in order to obtain the authorization. 

Then, Key and Key data information is generated between content supply unit 30 
and authorization recognition unit 10 shown in Fig. 2.. 

In accordance with the request signal from content supply unit 30, authorization 

recognition unit 10 generates a private key PH/Key^ and a public key PubKey eph 
A pair of keys and key information { PrvKey,^ PubKey, 8p Cert CA (PubKey, SP } 

are generated and stored in content supply unit 30, and two tables are formed in 
dependence with the manufacture key. 
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Because content supply unit 30 and authorization recognition unit 1 0 have a channel 
formed by a co-owned key EC_DH(CA,ISP), the channel formed between content supply 
unit 30 and authorization recognition unit 10 provides a safe way to communicate each 
other without allowing an illegal copy of the downloaded information through the channel. 

Authorization recognition unit 10 transmit a encrypted key and key information to 
content supply unit 30 through the channel in order to co-own the key and key information. 
Content supply unit 30 decrypts the encrypted key and key information by using co-owned 
key and stores the key and key information. Set up between content supply unit 30 and 
authorization recognition unit 10 is finished. 

After the setup of content supply unit 30 and authorization recognition unit 10, PC 
40 transmits a request signal to content supply unit 30 to receive the encrypted digital 
contents. Content supply unit 30 transmits its public key and public key information 
PubKey i8p _ Certc A (PubKey BP ) to PC 40. PC 40 stores the received republic key and public 
key information PubKey isp Certc^PubKeyisp). 

A key generated by EC_DH(ISP,LCM) is co-owned by content supply unit 30 and 
PC 40 and forms a channel between content supply unit 30 and PC 40. PC 40 can receive 
the digital contents from content supply unit 30 through the channel. 

Public key and public key information is transmitted from content supply unit 30 
to PC 40 through the channel. Setup between content supply unit 30 and PC 40 for 
downloading the digital contents is finished. 

When a request signal is transmitted from potable terminal 50 to PC 40, potable 
terminal 50 transmits the manufacture key, which has been received from Authorization 
recognition unit 10 and stored in the memory of potable terminal 50, with the encrypted 
Public key, which is received from content supply unit, to content supply unit 30 through 
PC 40. 

Content supply unit 30 decrypts the encrypted information and compares the 
encrypted information with the information of the second table. If the encrypted information 
is identical to the information of the second table, content supply unit 30 encrypts the 
content of the table and transmits the encrypted information to PC 40. PC 40 decrypts the 
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encrypted information to obtain the information of the token. 

At this time, a channel key is randomly generated in PC, is maintained in 
confidential. PC 40 encrypts the channel key and transmit to portable terminal 50 the 
encrypted channel key by using the decrypted token information. 

Portable terminal 50 reads the token information from the information of the table 
received from content supply unit 30 by using the manufacture key. 

The registration process is finished when the channel key obtained by decrypting 
the encrypted information by using the token information and the channel key is co-owned 
by PC 40 and portable terminal 50. 

Therefore, all the units and terminals in this system are authorized to transmit and 
receive the encrypted digital contents between the units and terminals. 

PC 40 includes a data base such as RMS-DB (Right Management System-Data 
Base) described in Fig. 6 for preventing the illegal copy of the digital contents when PC 
40 transmits the digital contents received from content supply unit 30. 

The above data base is applied for processing the digital contents transmitted 
between PC 40 and portable terminal 50. Referring to the structure of the data base. 

The database contains an identifier data area of the digital content, an updated 
token data area, a data area for checking a present state of the digital content, and a 
reproduction control data area. 

Further, the database is stored in PC 40 in an encoded form by the secret channel 
key which PC 40. The most important area in the database is the updated token area, and 
the updated token area has different values when the updated token area downloads a 
digital content from PC 40 to portable terminal 50, or uploads the digital content from 
portable terminal 50 to PC 40. At this time, the updated token is transmitted to PC 40 
through portable terminal 50 to update the stored token in PC 40. 

That is, data registered in the database of PC 40 becomes different every time PC 
40 reproduces, downloads, or updates a digital content downloaded into PC 40. 
Therefore, PC 40 checks the registered data in the database if users legally use the digital 
content in the case that a request signal for reproduction, download, or upload of the digital 
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content is inputted by the users. 

Further, in the case that the digital content is downloaded or uploaded between PC 
40 and the portable terminal 50, an area is checked which has data for checking a present 
state of the digital content and which is the second area of the database. 

That is, since PC 40 checks the third area, when the portable terminal 50 downloads 
a digital content downloaded from the content supply unit to the second content output 
unit, the selection of a copy form or a transmission form can be read. 

Further, by checking check-in/check-out data included in the second area, the 
transmission state of the digital content can be read. That is, the check-in data means that 
a digital content is not downloaded from the content supply unit to the portable terminal 50. 

The check-out data means that the digital content is a downloading state from the 
portable terminal supply unit 20 to the portable terminal 50, or that the downloaded digital 
content is again uploaded to PC 40. 

The last area of the database is a reproduction control data area and contains data 
for reproduction times of a digital content, a reproduction expiration period of the digital 
content, and an amnesty period of the digital content. 

Here, the reproduction times of the digital content is a value which is established 
when a digital content is provided from the content supply unit 30 to PC 40 and which 
controls the reproduction times by counting down one by one every time the digital content 
is downloaded. 

Further, the reproduction expiration period of the digital content does not mean the 
reproduction of the digital content and the control of the output state, but a period 
established by the content supply unit 30, and the digital content downloaded from the 
content supply unit 30 to PC 40 can be reproduced in the period as stated above. 

Lastly, the amnesty period of the digital content enables the digital content 
downloaded from the content supply unit 30 to PC 40 to be reproduced irrespectively of 
the reproduction times of the digital contents or the expiration period. 

As stated above, if the content supply unit 30 accepts a download request of a 
digital content of PC 40, the content supply unit 30 firstly identifies the ID of PC 40 as a 
first content output unit, judges as PC 40 legally connected to the content supply unit 30, 
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and downloads a digital content having a file format embodied by the secret system to PC 
40. 

The file format having a digital content transmitted to PC 40 from the content 
supply unit 30, as shown in FIG. 6, contains a title ID field, a content description field 
(CDF), algorithm identifying field (AIF), an indicator of source originator field (SOI), a 
copyright holder information field (CHI) indicating a copy holder information, a right 
management field (RMF), a content encryption key (CEK), and a digital content field 
encoded to a content encryption key. 

The content description field has data such as a digital content composer, a singer, 
a record label or the like. 

The algorithm identifying field denotes an algorithm employed in the secret system 
embodied in the present invention, and there are ECC, SNAKE, CODEC and the like in the 
algorithm. 

The SOI field has one of data of ISPJD denoting an identifier of a content supply 
unit 30 of the present invention, LSPJD denoting an identifier of the first content output 
unit 40, PDJD denoting an identifier of portable terminal 50. 

Therefore, in the case that PC 40 downloads and reproduces a digital content 
having the format as stated above, firstly an algorithm encoded from the AIF field is 
identified, and the authentication qualification of PC 40 is recovered by using the identified 
encryption algorithm. 

Further, the identifier which PC 40 has and the identifier in the SOI field of the file 
format are compared to check if there is correspondence between the two. In the case of 
correspondence, the copy control state from the RMF data, the reproduction control state, 
and the transmission control state are identified to register them in the database(RMS-DB) 
which the first content output unit 40 has. 

After the above process is performed, a digital content encryption key is extracted 
by using a CEK field, and the encoded digital content is interpreted by using the encryption 
key. 

At this time, in the case that PC 40 does not violate any one of the above, the 
content supply unit 30 judges that PC 40 is legal, and downloads the digital content. 
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In the case of changing the RMF field of the file formats, in particular the 
reproduction control state, PC 40 replaces the reproduction control state data in two places 
of the database(RMS-DB) and the file format with desired data. 

Further, as stated above, in the case that a digital content downloaded from PC 40 
is again downloaded to t portable terminal 50, the following precesses are required. 

Firstly, PC 40 receives the UTD data which portable terminal 50 of the identifier of 
the second content output unit by a request to portable terminal 50. 

Therefore, portable terminal 50 encodes the UTD into the third channel key(CKp D . 
LCM ) shared with PC 40 and the third channel key(CKp D . LCM ) is transmitted to PC 40 together 
with the identifier of the second content output unit. At this time, PC 40 identifies data 
transmitted from portable terminal 50 and extracts the identifier of portable terminal 50 and 
the UTD from the transmitted data by using the channel key(CKp D _ LCM ) shared with portable 
terminal 50, and compares the extracted identifier of portable terminal 50 and the UTD with 
data registered in the database. 

If the UTD is unchanged and the RMF is changed, the first content output unit 40 
updates the two places of the database and the file format to the changed RMF. 

That is, PC 40 updates the database to a newly generated UTD, and the updated 
UTD is encoded by the channel key(CKp D . LCM ) and the encoded channel key(CKp D . LCM ) is 
transmitted to portable terminal 50. 

In the meantime, PC 40 transmits a digital content to portable terminal 50, and data 
of an initial transmission control state field is 'Transfer'. As the digital content is transmitted 
to portable terminal 50, data of the transmission control state field is changed to 
Transferred'. As stated above, changed data of the transmission control state field is 
updated in the database(RMS-DB), and is not changed in the file format. At this time, the 
transmission control state field has three types of Transfer", Transferred', and Transfer- 
non'. 

Next, as a digital content is transmitted to portable terminal 50 from PC 40, data for 
the copy control state field is initially set to the check-in in the database as well as in the 
file format, but after the digital content is transmitted, the data for the copy control state 
field is changed to the check-out both in the database and the file format. 
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If the data for the copy control state field is set to 'Copy-never', users using the 
system of the present invention can not download the digital content of PC 40 to portable 
terminal 50. 

If the above processes are correctly performed, the digital content is downloaded 
to portable terminal 50. 

Hereinafter the process of the digital contents between portable terminal 50 and 
recording medium 60 as a content storage medium is explained for preventing an illegal 
copy in downloading a digital content, which portable terminal 50 has, to the content 
storage unit 60. 

Firstly, if there is the its owned ID in the content storage unit 60, portable terminal 
50 record the digital contents which is encrypted by using the ID. 

Secondly, if there is the its owned ID in the content storage unit 60, portable 
terminal 50 record the digital contents which is encrypted by using randomly generated 
key. 

The randomly generated key T is encrypted by using a key S of the general secret 
key which is predetermined by the manufacturer of the portable terminal. 

The encrypted T is recorded on the hidden area of the content storage unit 60. 

As described above, in first case, all digital content stored in content storage unit 60 
may be reproduced in portable terminal 50. In second case, all digital content stored in 
content storage unit 60 may be reproduced in only the portable terminal 50 which is 
produced by the designated manufacturer having this system. 

The portable terminal 50 transmits to the content storage unit 60 an encoded 
digital content to be recorded in the content storage unit 60 and an encoded reproduction 
data to reproduce the digital content. At this time, another encryption of data necessary 
to produce the encoded digital content is performed as follows. That is, portable terminal 
50 contains a random number generation unit (RNG) for randomly generating a number, 
and a function process unit(F) for function-processing various inputs and generating 
predetermined values which only the content storage unit 60 can have. At this time, values 
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inputted to the function process unit(F) are a random number, a channel key, and a bad 
sector address and an inherent number which the content storage unit 60 inherently has. 
Further, another encryption of an encoded digital content reproduction data is performed 
by using function values generated in the function process unit(F). 

A digital content referred to in the present invention is downloaded from PC 40 to 
portable terminal 50 and the content storage unit 60, or uploaded from portable terminal 
50 to PC 40. 

This is denoted by checking a field indicating transmission control state data of file 
format data which is provided from the database and the content supply unit 30. 

If, as stated above, 'transfer' is indicated as a result that the first content output unit 
40 checks the database and the transmission control state data field of the file format, PC 
40 can download a digital content to portable terminal 50, if the digital content is 
downloaded from PC 40 to portable terminal 50, 'transfer' is changed to 'transferred' in the 
database and the transmission control state data field of the file format and the changed 
data is transmitted to portable terminal 50. 

Further, since the digital content downloaded to portable terminal 50 is not in PC 40, 
in order to be again reproduced in PC 40, the digital content is again uploaded from 
portable terminal 50 to PC 40. 

However, the digital content downloaded to the content storage unit 60 from PC 40 
can be reproduced in an arbitrary second content output unit 50. Further, the digital content 
downloaded to the content storage unit 60 is uploaded to another first content output unit 
40 through portable terminal 50. 

Further, various input devices are additionally connected to PC 40 and portable 
terminal 50 applied to the present invention, and such input devices are shown in detail in 
FIG. 8. 

That is, the input devices which can be additionally connected to PC 40 and portable 
terminal 50 can be CD such as Red Book CD, audio CD, super audio CD, DVD Disk, and 
analog input, and the like. 

The audio signal inputted through the input devices is inputted to PC 40, and 
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encoded according to a system supported in the present invention, and then transmitted 
to portable terminal 50, or transmitted to the content storage unit 60 to be reproduced 
through portable terminal 50. 

FIG. 8 is a view for showing an output source of Fig. 7 capable of being additionally 
connected to the embodiment of the present invention. 

As shown in FIGs, applied program interface (API) of the first content output unit 
(indicated as 'Host' ) checks if data inputted through the CD, EMD (content provided over 
internet), PM, DVD, and the like(hereinafter, referred to as 'input devices') can be 
reproduced in a system supported in the present invention. 

Therefore, if the data can be reproduced in the system supported in the present 
invention, the API converts data inputted from the input devices to a format which can be 
reproduced in the system. 

In the meantime, as a method which data can be reproduced in the system 
supported in the present invention as stated above, first, in the case that the input devices 
are the super CD or DVD, data which checks if data recorded on the storage medium can 
be copied is in an area out of data area. The API detects the area and uses the data when 
converting a signal inputted to PC 40 to a file format supported in the present invention. 

Secondly, in the case that the input device is the EMD and data inputted through 
the EMD has an encoded format, the API detects an encryption key and an encryption 
algorithm and uses the data when converting a signal inputted to the first content output 
unit 40 to a file format supported in the present invention. 

Thirdly, if the input device is a general analog input, the API encodes inputted data 
according to a system supported in the present invention. 

In the meantime, the API checks if an input device and data inputted from the input 
devices are suitable for the system and transmits the following data to the import control 
layer. 

First, data for the type of a storage medium, for example, data for a type of an input 
device such as audio CD, DVD and the like, second, data for an initial form of data inputted 
to PC 40 from an input device, for example, data for a title, a player, a singer and the like, 
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third, data for an encryption key which is data for an encryption algorithm. 

At this time, the data is transmitted to portable terminal 50 from PC 40 through the 
first interface part. Further, the data inputted from the third interface part of portable 
terminal 50 is inputted to the import control layer of the second content output unit to be 
restructured in a file format. 

That is, the file format formed in the import control layer of portable terminal 50 
indicates data for a storage medium in the title-ID field, data for initial data inputted to an 
internet appliance from an input device for the CDF, data for an encryption algorithm 
outputted to the import control layer from the API of the first content output unit for the AIF, 
LCM-ID in the Device-ID field and SOI field, data for a copyright protection in the CHI field, 
and following data for the RMF. 

First of all, 'copy not available' is indicated for the copy control state, 'check- 
in/check-out' is selectively indicated for the download/upload, 'reproduction times=no limit 
or predetermined times' is selectively indicated for the reproduction control state, and 
'transmission not available' is indicated for the reproduction control state since the copy 
control state is 'copy not available' . 

Next, CEK=k field which is a field indicating data for an encryption key, if an inputted 
digital content is not encoded, randomly generates a key(k), and a digital content inputted 
from the first content output unit is encoded by the key(k) and indicated in the last field 
(ENC(k, Content)). 

At this time, PC 40, if data inputted through an input device is encoded, judges what 
algorithm is used for encryption, and checks an encryption algorithm which portable 
terminal 50 to transmit an encoded digital content has. 

Accordingly, if two algorithms are not matched, the first content output unit 40 
interprets an encoded digital content and performs a trans-crypted process which again 
encodes the digital content with encryption/decryption algorithm which portable terminal 
50 has. 

In the meantime, in the file format formed through the process, there is a secret 
header portion from the Device-ID field to the field which indicates the encryption key. The 
secret header is encoded by the second authentication qualification key(PubKey LCM ) which 
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the first content output unit 40 has. 

In the meantime, the first interface part in PC 40 checks if portable terminal 50 has 
an identifier and the third channel key(CKp D . LCM ) and identifies if the qualification is an 
authenticated second content output unit 50. 

In the meantime, an analog input inputted to portable terminal 50 is inputted to the 
import control layer of a PDFM (PD Functional Module) in the portable terminal 50, and 
the analog input is converted to a file format supported in the present invention by a 
process described later. 

Here, the import control layer, if the analog input is received by frame unit, first 
encodes the frame, encodes the encoded frame by using a randomly generated key, and 
if all frames are encoded, a file format is formed for preventing a copy for an encoded 
analog input. 

In order to prevent an illegal copy as in data indicated for RMF, an encoded analog 
input has a detailed information. 

That is, 'copy not available' is indicated for the copy control state, 'check-in/check- 
out' is selectively indicated for the download/upload, 'reproduction times=no limit or 
predetermined times' is selectively indicated for the reproduction control state, and 
'transmission not available' is indicated for the reproduction control state. 

Further, data of the Device-ID field and the SOI field which are prepared before the 
RMF is indicated as 'PD_ID'. 

The secret header portion generated via the above process is encoded by the third 
channel key (CKp D . LCM ) which the second content output unit 50 has. 

At this time, portable terminal 50 transmits the encoded digital content to the content 
storage unit 60, since a digital content which is transmitted to the content storage unit 60 
does not indicate the SOI field data as an identifier which the content storage unit 60 has 
but as 'PD-ID' as stated above, the digital content can not be reproduced via arbitrary 
second output unit 50. 

That is, a digital content recorded on the content storage unit can be reproduced 
only in portable terminal 50 which has the same identifier as 'PD-ID' data of the SOI field 
contained in the content. 
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Accordingly, as stated above, in the present invention, entire system shares a 
channel key between units performing mutual communication, forms a safe channel, 
mutually transmits and receives a digital content, and prevents illegal users from taking the 
digital content on the way. Further, even though legal users legally downloads a digital 
content, since the second content output unit has the above structure, illegal copy of a 
digital content between the second content output unit as well as the content storage unit 
is prevented. 

The kiosk generates a registration request signal for selling an encoded digital 
content by the content supply unit 30 through a PC. Therefore, the content supply unit 30 
provides to the kiosk the storage medium having a digital content encoded by a system 
supported in the present invention according to the registration request signal, and the 
kiosk receives fees from users and transmits a digital content stored in the storage 
medium. Kiosk is a store or vending machine selling a recording medium or digital content 
which is reproduced in this system. Machine on Kiosk is regarded as a PC having an 
interface of the digital content storage medium. The recording medium interface can be 
used by any one having a supply agreement with intellectual property right owner or the 
digital content supply unit. 

In order to achieve the above object, the present invention includes an illegal copy 
protecting system having a portable terminal transmitting the encrypted digital content 
which is received from digital content supply unit to a digital content storage medium. In 
another preferred embodiment, the digital content transmitted from LCM ca be stored 
directly in the digital content storage medium. The system includes a portable terminal 
processing the random number stored in spare area of the digital content storage medium 
such as physical address of the bad sector of the digital content storage medium and 
transmitting the encrypted header of the digital content by using the processed value of 
the random number, and a digital content storage medium reading and transmitting the 
physical address by using the portable terminal and storing the number as a key value 
randomly generated by the portable terminal, and storing the encrypted header information 
encrypted by the resultant value and the encrypted digital content as sector data. 

-20- 



Portable terminal 100 process the random number stored in spare area of the 
digital content storage medium such as physical address of the bad sector of the digital 
content storage medium and channel key stored in the portable terminal and transmits the 
encrypted header of the digital content by using the processed value. 

The portable terminal can download and reproduce the MP3 music file. 

Storage medium 200 reads and transmits the physical address by using the portable 
terminal and storing the number as a part of the input function process F randomly 
generated by the portable terminal, and stores the encrypted header information encrypted 
by the resultant value and the encrypted digital content as sector data. 

The storage medium 200 is a general medium including a smart media. 

More details are explained hereinafter with drawings showing a system having a 
portable storage medium for protecting a illegal copy. 

Portable terminal 100 downloads the digital content from the content supply unit or 
PCLCM. 

Portable terminal 100 owns a secret key like as channel key CK with the content 
supply unit or PCLCM to form a channel between portable terminal and the content supply 
unit or PCLCM . 

Portable terminal 100 stores in the sector data area of the storage medium the 
digital content received through the input port of the portable terminal. 

Portable terminal 100 encrypts the header portion of the digital content in order to 
prevent the digital content stored in the storage medium from being illegal copied in other 
storage medium. The header portion of the digital content is encrypted as a CK and 
transmitted from LCM to portable terminal 100. At this time, what generates the key for 
encryption is the function process means 110. 

Function process means 110 receives as an input the physical address of the bad 
sector transmitted from storage medium 200 and receives as an input the random number 
through the random generating means 120. The random number is stored in the storage 
medium. 
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Therefore, function process means 1 1 0 receive the commonly owned key generated 
by LCM, random number, and the physical address of the bad sector of the storage 
medium for function processing and storing in the sector data area of the storage medium 
the encrypted header portion of the digital content by inputting the resultant value into the 
encryption and decryption means 130. 

It is optional to encrypt the header of the digital content by function processing 
after receiving all of the commonly owned key, random number, and the physical address 
of the bad sector or one of the commonly owned key, random number, and the physical 
address of the bad sector. 

EFFECT OF THE INVENTION 

As stated above, this invention provides the effect on protecting illegal copy between 
portable terminals because any portable has the above described same system and all 
systems consisting this invention commonly own the channel key formed between systems 
communicating each other in order to prevent the authorized user from making a copy of 
the legally downloaded digital content. 

Even if the storage medium is copied to another storage medium, the digital content 
in the another storage medium can not be reproduced from the another storage medium. 
Therefore, this invention provides the effect on basically protecting illegal copy. 

As stated above, preferred embodiments of the present invention are shown and 
described. Although the preferred embodiments of the present invention have been 
described, it is understood that the present invention should not be limited to these 
preferred embodiments but various changes and modifications can be made by one skilled 
in the art within the spirit and scope of the present invention as hereinafter claimed. 
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